The University at Buffalo reported that about 2,700 students, alumni, faculty and staff accounts were compromised when a third-party vendor was breached.
The school said in a statement login credentials were compromised when an unnamed third-party vendor suffered a data breach. Those involved had their passwords and usernames exposed when they logged into a non-UB website using their school login information. The issue was discovered on May 12 and the school is still investigating which of the external website was involved.
“At this point, we do not have evidence that individuals' financial, academic or private information was viewed or stolen; however we are contacting impacted individuals to make them aware of this issue and to inform them how to take precautions to protect themselves against possible misuse of their information,” UB Associate Vice President for Media Relations John Della Contrada said in a statement.
About 1,800 of those affected were students, 862 were alumni with the remaining 28 accounts belonging to staff and faculty. Della Contrada said to SC Media that all passwords have now been reset.